This is Intel's second attempt at patching the vulnerability, and this time around both the company and its customers will be praying that the fix for Skylake, Kaby Lake and Coffee Lake chips actually does the job.

Pure inference here, though it may be a conclusion jump, but I think he meant that the dumb luck part of it is that he chose to go AMD for his latest build instead of Intel ahead of finding out about Meltdown.

Agile is the practice of building software without first figuring out what kind of software you need to build. It IS development by prayer - build something, anything, and then pray that it somehow related to the user's need.

I don't think the free Mountain Dew in the breakroom is helping any, either. Nor does the Free Pizza Fridays.

I've spent some time in the Portland area, including near the Intel campus, and I have to say that if the team is entirely made up of H1B recipients then you'll get like, 3 times as many team members per metric ton compared to using domestic neckbeards.

They are following the Google model of releasing everything as BETA so they have to provide no warranty, and push testing on the unwashed masses. Only after it is deemed successful will they remove the "BETA" moniker. Saves them the trouble.

You are assuming that Intel does testing in the first place. We now know that they prefer to pray than test. "Our Father, who art in Silicon Valley, hallowed be thy chipsets. Thy breadboards come, thy NAND gates done, on XOR as it is in RAM. Give us this day our daily clock speed and lead us not into a Meltdown but deliver us from AMD. For thine is the multi-core, the multi-thread, and the L3 cache forever. Amen."

Lets face it, the FUD spread to blur Meltdown with Spectre has been won by Intel. It's up to the non-tech crowd to evolve to not take headlines at face value. It seems you can do no wrong in PR no matter how misleading... It's not possible to shout loudly enough against it, people have already moved onto the next headline.

There was a campy, over-the-top parody TV show called "Sledge Hammer" back in the 80s... although even if you're old enough, you may not remember it since it wasn't exactly a roaring success. The "protagonist" (using that term loosely) was a gun-happy cop whose solution to everything involved using his gun. If someone was stealing a candy bar, he might shoot the candy bar out of the perp's hands, for instance. If an old lady missed her bus, he might shoot out the tires of the bus.

Anyway, right now Intel reminds me of the show's intro. Most of it just featured glamour shots of Sledge Hammer's gun... but, at the end, Sledge Hammer says "Trust me, I know what I'm doing", and he shoots - but the bullet miscarries, resulting in a (virtual) bullet hole on your TV screen.

Remember that there are two groups with similar names, the Cardassians and the Kardashians. One group is vaguely reptilian, have large misshapen heads and an overblown and undeserved sense of superiority. The other group, of course, invaded Bajor.

Spectre impacts everything and is basically not something that can really go away. It will be haunting us for a long time, which is why they called it "Spectre." The upside is it's extremely difficult to exploit in a meaningful way.

Meltdown is actually fixable since it's a bounds check that intel doesn't enforce when they are supposed to. The microcode and firmware can both be fixed to resolve that issue.

It's a bit funny that this post is 5 Informative. It is exactly the wrong way around. Meltdown can be fixed with a patch. It involves speculating across a hardware security barrier, which is something that microcode has a chance to detect.

Spectre, on the other hand, does not involve speculating into inaccessible memory. It just involves speculating into memory that the program (typically a jit compiler) is carefully avoiding touching.

You've misunderstood the problem. The patchability of this issue has been public knowledge for quite a while, so there's no excuse for your flippant ignorance on it. The article even specifically calls out Spectre: you'll see only the summary incorrectly mentions Meltdown.

Meltdown is only patchable via software at the OS level. This is the entire reason operating systems put in these huge page table isolation pages. The CPU fix will come years from now.

the release sees the company crossing its fingers and hoping that everything works out this time

Intel has relationships with pretty much every computer OEM and cloud computing provider -- why do they need to cross their fingers and hope for the best when they can get their partners (who are just as motivated as Intel to have a usable solution) involved in large-scale tests?

Intel has relationships with pretty much every computer OEM and cloud computing provider -- why do they need to cross their fingers and hope for the best when they can get their partners (who are just as motivated as Intel to have a usable solution) involved in large-scale tests?

One possible answer is because those others might just discover other security vulnerabilities in the silicon, possibly either unintentional in nature and/or some that were requested/ordered to be left in or deliberately inserted by US TLAs.

Hey, Google only notified them in June and maybe they were going to get around to working on it after the holidays. And there are two new variants out this week that aren't considered, so be ready for the next round in a month or so as well.

You can't expect Intel to get these things done immediately, people! (the class action suits are going to love that they didn't fix it with six months' warning).

Hey, Google only notified them in June and maybe they were going to get around to working on it after the holidays. And there are two new variants out this week that aren't considered, so be ready for the next round in a month or so as well.

You can't expect Intel to get these things done immediately, people! (the class action suits are going to love that they didn't fix it with six months' warning).

This sounds very much like the Navy-owned submarine torbedo development facility, at the beginning of WWII. They sounded just the same and showed the same organizational problems, when the torbedoes that the submariners used failed to explode, over and over. Like 8 fired and one worked!

They were later found to have half a dozen serious bugs and defects, which had never been tested. Estimated to have caused a number of our ships to be destroyed and over 800 people to be killed!

Ok, understandably, the ignorance of many comments here make sense on the surface: Intel how long really does it take you to fix this, you incompetent bunch of nerfherders!

Well, my guess, is that the fix was pretty much knocked out within days. Then a bit longer to get it 99.9% right. Then a month to get it 99.99% right. Then three months to get it validated, and verified, to 99.999% right.

Intel needs to be 99.9999% right because of the volume of different designs and chips out there and the possibility of

For Metldown, the quality of the last patch they offered, which was so bad that company after company said "don't install that" (though, AFAIK, only Linus added "garbage") seems to indicate that they didn't start development of the patch until after public notice.

Spectre is a different problem, but Meltdown ought to be fixable, if only by disabling the running speculative execution. (Whether they can do better than that I wouldn't guess.) OTOH, that approach should also solve Spectre...but nobody wants to

And I'm no expert, so I can't give you the details you want. But you could check the Linux Kernel developers list where it was discussed. Abusively. Linus did not think highly of the patch at all. Other companies just said "don't install that" and said things like "it won't work with our equipment". If any of them gave details, I didn't hear them. (OTOH, I only hear of this on Slashdot and Soylent News. As I said, that's not where I'm an expert.)

Skylake launched Q3 2015. So Intel is pushing the patch for barely more than 2 years worth of product. What about the millions (billions?) of systems out there that were not replaced in the past two years? Are they going the same way of Android in the "well fuck, sucks to be you!" mentality of security because the device isn't the absolute latest and greatest? I'm thinking they only supported back that far is because there are Xeon-D CPUs that launched Q1 2018 with Skylake architecture, and Intel is all over that Xeon-D right now (this is what Facebook is now using)